Hi Masami,

Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx> writes:

> Thus, we need to ensure that the ftrace_regs which is saved in the ftrace
> *without* FTRACE_WITH_REGS flags, can be used for hooking the function
> return. I saw;
>
> void arch_rethook_prepare(struct rethook_node *rh, struct pt_regs *regs, bool mcount)
> {
>         rh->ret_addr = regs->gprs[14];
>         rh->frame = regs->gprs[15];
>
>         /* Replace the return addr with trampoline addr */
>         regs->gprs[14] = (unsigned long)&arch_rethook_trampoline;
> }
>
> gprs[15] is a stack pointer, so it is saved in ftrace_regs too, but what about
> gprs[14]? (I guess it is a link register)
> We need to read the gprs[14] and ensure that is restored to gpr14 when the
> ftrace is exit even without FTRACE_WITH_REGS flag.
>
> IOW, it is ftrace save regs/restore regs code issue. I need to check how the
> function_graph implements it.

gpr2-gpr14 are always saved in ftrace_caller/ftrace_regs_caller(), regardless
of the FTRACE_WITH_REGS flags. The only difference is that without the
FTRACE_WITH_REGS flag the program status word (psw) is not saved because
collecting that is a rather expensive operation.

I used the following commands to test rethook (is that the correct testcase?)

#!/bin/bash
cd /sys/kernel/tracing
echo 'r:icmp_rcv icmp_rcv' >kprobe_events
echo 1 >events/kprobes/icmp_rcv/enable
ping -c 1 127.0.0.1
cat trace

which gave me:

            ping-686     [001] ..s1.    96.890817: icmp_rcv: (ip_protocol_deliver_rcu+0x42/0x218 <- icmp_rcv)

I applied the following patch on top of your patches to make it compile, and
rethook still seems to work:

commit dab51b0a5b885660630433ac89f8e64a2de0eb86
Author: Sven Schnelle <svens@xxxxxxxxxxxxx>
Date:   Wed Sep 6 08:06:23 2023 +0200

    rethook wip

    Signed-off-by: Sven Schnelle <svens@xxxxxxxxxxxxx>

diff --git a/arch/s390/kernel/rethook.c b/arch/s390/kernel/rethook.c
index af10e6bdd34e..4e86c0a1a064 100644
--- a/arch/s390/kernel/rethook.c
+++ b/arch/s390/kernel/rethook.c
@@ -3,8 +3,9 @@ #include <linux/kprobes.h> #include "rethook.h" -void arch_rethook_prepare(struct rethook_node *rh, struct pt_regs *regs, bool mcount) +void arch_rethook_prepare(struct rethook_node *rh, struct ftrace_regs *fregs, bool mcount) { + struct pt_regs *regs = (struct pt_regs *)fregs; rh->ret_addr = regs->gprs[14]; rh->frame = regs->gprs[15]; @@ -13,10 +14,11 @@ void arch_rethook_prepare(struct rethook_node *rh, struct pt_regs *regs, bool mc } NOKPROBE_SYMBOL(arch_rethook_prepare); -void arch_rethook_fixup_return(struct pt_regs *regs, +void arch_rethook_fixup_return(struct ftrace_regs *fregs, unsigned long correct_ret_addr) { /* Replace fake return address with real one. */ + struct pt_regs *regs = (struct pt_regs *)fregs; regs->gprs[14] = correct_ret_addr; } NOKPROBE_SYMBOL(arch_rethook_fixup_return); @@ -24,9 +26,9 @@ NOKPROBE_SYMBOL(arch_rethook_fixup_return); /* * Called from arch_rethook_trampoline */ -unsigned long arch_rethook_trampoline_callback(struct pt_regs *regs) +unsigned long arch_rethook_trampoline_callback(struct ftrace_regs *fregs) { - return rethook_trampoline_handler(regs, regs->gprs[15]); + return rethook_trampoline_handler(fregs, fregs->regs.gprs[15]); } NOKPROBE_SYMBOL(arch_rethook_trampoline_callback); diff --git a/arch/s390/kernel/rethook.h b/arch/s390/kernel/rethook.h index 32f069eed3f3..0fe62424fc78 100644 --- a/arch/s390/kernel/rethook.h +++ b/arch/s390/kernel/rethook.h @@ -2,6 +2,6 @@ #ifndef __S390_RETHOOK_H #define __S390_RETHOOK_H -unsigned long arch_rethook_trampoline_callback(struct pt_regs *regs); +unsigned long arch_rethook_trampoline_callback(struct ftrace_regs *fregs); #endif
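Review bot: in the first rethook.c hunk (arch_rethook_prepare), the new line `struct pt_regs *regs = (struct pt_regs *)fregs;` silently depends on struct pt_regs being the first member of struct ftrace_regs. The third hunk already reaches the same registers as `fregs->regs.gprs[15]`, so `struct pt_regs *regs = &fregs->regs;` says the same thing without the cast and stops compiling, rather than misbehaving, if the layout of struct ftrace_regs ever changes.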
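Review bot: in the second rethook.c hunk (arch_rethook_fixup_return), the added declaration `struct pt_regs *regs = (struct pt_regs *)fregs;` now sits below the comment `/* Replace fake return address with real one. */`, so the comment describes a declaration instead of the `regs->gprs[14] = correct_ret_addr;` assignment it belongs to. Move the declaration above the comment, and as in the prepare hunk `&fregs->regs` avoids the cast.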
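Review bot: in the third rethook.c hunk (arch_rethook_trampoline_callback), the stack pointer is read as `fregs->regs.gprs[15]` while the two functions above go through a `(struct pt_regs *)` cast; one style for the file would be clearer. This hunk also only compiles if rethook_trampoline_handler() in the series it is applied on top of already takes a `struct ftrace_regs *` as its first argument, which the commit message ("rethook wip") does not state.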
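Review bot: in the rethook.h hunk, the prototype now names `struct ftrace_regs`, but as far as the visible lines show the header neither includes <linux/ftrace.h> nor forward-declares the type, so it is only declared with prototype scope unless every includer happens to pull it in first. Add `struct ftrace_regs;` after the include guard to make the header self-contained; the same was true of `struct pt_regs` before, so this is a good moment to fix it.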